Claim 1 (currently amended): A computer program product embodied on computer readable media readable by a computing system in a computing environment, for enforcing security policy using style sheet processing, comprising:

computer-readable program code means for obtaining an input document;

computer-readable program code means for obtaining a Document Type Definition (DTD) that defines elements of said input document, wherein: (1) an attribute of at least one element defined in said DTD has been augmented with one or more references to one of a plurality of said stored policy enforcement objects; (2) more than one of said references may reference a single stored policy enforcement object; and (3) each of said stored policy enforcement objects specifies a visibility policy for said referencing element or elements, said visibility policy identifying an encryption requirement for all elements having that visibility policy and a community whose members are authorized to view those elements;

computer-readable program code means for applying one or more style sheets to said input document, thereby adding markup notation to each element of said input document for which said element definition in said DTD references one of said stored policy enforcement objects specifying a visibility policy with a non-null encryption requirement, resulting in creation of an interim transient document that indicates elements of said input document which are to be encrypted; and

computer-readable program code means for creating an output document in which each element of said interim transient document for which markup notation has been added is encrypted in a manner that enables a clerk process associated with a group that is a community member authorized to view that element to use key distribution material associated with the output document when decrypting the encrypted element.



Claim 2 (currently amended): The computer program product according to Claim 1, further comprising computer-readable program code means for rendering said output document on a client device.



Serial No. 09/422,537 - 18 - Docket RSW9-99-111 



PAGE 20/89 * RCVD AT 4/7/2004 6:57:11 PM [Eastern Daylight Time] * SVR:USPTO-EFXRF-1/0 * DNlS:8729306 * CSID:4073437587 * DURATION (mm-ss):21-30 




Claim 3 (currently amended): The computer program product according to Claim 1, wherein said markup notation in said interim transient document comprises one or more encryption tags of a markup language.

Claim 4 (original): The computer program product according to Claim 1 , wherein said input 
document is specified in an Extensible Markup Language (XML) notation. 

Claim 5 (currently amended): The computer program product according to Claim 4, wherein said output document is specified in said XML notation.

Claim 6 (currently amended): The computer program product according to Claim 1, wherein said stored policy enforcement objects further comprise computer-readable program code means for overriding a method for evaluating said elements of said input document, and wherein said computer-readable program code means for applying said one or more style sheets further comprises computer-readable program code means for invoking said computer-readable program code means for overriding, thereby causing said markup notation to be added.

Claim 7 (original): The computer program product according to Claim 6, wherein said style 
sheets are specified in an Extensible Stylesheet Language (XSL) notation. 
Claim 8 (original): The computer program product according to Claim 7, wherein said method is a value-of method of said XSL notation, and wherein said computer-readable program code means for overriding said value-of method is by subclassing said value-of method.

Claim 9 (currently amended): The computer program product according to Claim 6 or Claim 8, wherein:

said overriding method comprises:

computer-readable program code means for generating said markup notation as encryption tags; and

computer-readable program code means for inserting said generated encryption tags into said interim transient document to surround elements of said interim transient document for which said visibility policy of said elements in said input document has said non-null encryption requirement; and

said computer-readable program code means for creating said output document encrypts those elements surrounded by said inserted encryption tags.

Claim 10 (canceled) 

Claim 11 (currently amended): The computer program product according to Claim 1, wherein said encryption requirement further comprises specification of an encryption algorithm to be used when encrypting elements having that visibility policy.
Claim 12 (currently amended): The computer program product according to Claim 1, wherein said encryption requirement further comprises specification of an encryption algorithm strength value to be used when encrypting elements having that visibility policy.

Claim 13 (currently amended): The computer program product according to Claim 1, wherein said computer-readable program code means for creating said output document further comprises:

computer-readable program code means for generating a distinct symmetric key for each unique one of said communities identified by said visibility policy in said stored policy objects; and

computer-readable program code means for encrypting each of said distinct symmetric keys to create member-specific versions thereof, further comprising:

computer-readable program code means for determining whether each of said members of said community for which said distinct symmetric key was generated is an individual or a group; and

computer-readable program code means for encrypting a separate version of said distinct symmetric key for each determined individual and for a clerk process associated with each determined group.

Claim 14 (currently amended): The computer program product according to Claim 13, wherein said computer-readable program code means for encrypting a separate version of said distinct symmetric key creates one of said member-specific versions using, as input, a public key of one of said determined individuals or a public key of said clerk process.



Claim 15 (currently amended): The computer program product according to Claim 1, wherein said selected encrypted elements in said created output document are encrypted using a cipher block chaining mode encryption process.

Claim 16 (currently amended): The computer program product according to Claim 13, further comprising:

computer-readable program code means for creating a key class for each of said unique communities, wherein said key class is associated with each of said encrypted elements of said output document for which members of this unique community are authorized viewers, and wherein said key class comprises: (1) an encryption algorithm identifier and key length used when encrypting said associated encrypted elements; (2) an identifier of each of said members of said unique community; and (3) one of said member-specific versions of said encrypted symmetric key for each of said identified community members.
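
Claims 13, 14 and 16 describe the key distribution material: one distinct symmetric key per community, each member of the community classified as an individual or a group, a member-specific copy of the key wrapped under each individual's public key or under the public key of the group's clerk process, and a key class per community recording the algorithm identifier, key length, member identifiers and those wrapped copies. The Go program below is an added example for this page, not the patent's own code; the `ClerkID` naming convention, RSA-OAEP as the wrapping primitive, the use of the community name as OAEP label, and the alice/bob/finance directory are all assumptions of the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Member is one entry of a community's membership list: an individual with its
// own key pair, or a group, whose clerk process holds the key pair instead.
type Member struct {
	ID      string
	IsGroup bool
}

// ClerkID names the clerk process of a group (a naming convention assumed here).
func ClerkID(group string) string { return "clerk:" + group }

// KeyClass is the per-community record of Claim 16: the algorithm identifier
// and key length used for that community's elements, its member identifiers,
// and one member-specific (wrapped) copy of the symmetric key per recipient.
type KeyClass struct {
	Community string
	Algorithm string
	KeyBits   int
	Members   []string
	Wrapped   map[string][]byte // recipient (individual ID or ClerkID) -> RSA-OAEP(key)
}

// BuildKeyClasses generates a distinct random symmetric key per community
// (Claim 13), wraps it for each individual member's public key and for the
// clerk of each group member (Claim 14), and returns the key classes plus the
// raw keys (needed only to encrypt the elements themselves).
func BuildKeyClasses(members map[string][]Member, pub map[string]*rsa.PublicKey, bits int) (map[string]KeyClass, map[string][]byte, error) {
	classes, raw := map[string]KeyClass{}, map[string][]byte{}
	for community, list := range members {
		key := make([]byte, bits/8)
		if _, err := io.ReadFull(rand.Reader, key); err != nil { return nil, nil, err }
		kc := KeyClass{Community: community, Algorithm: "AES-CBC", KeyBits: bits, Wrapped: map[string][]byte{}}
		for _, m := range list {
			recipient := m.ID
			if m.IsGroup { recipient = ClerkID(m.ID) } // a group never gets its own copy
			pk, ok := pub[recipient]
			if !ok { return nil, nil, fmt.Errorf("community %s: no public key for %s", community, recipient) }
			// The OAEP label binds each copy to its community, so a copy filed under
			// another key class fails to unwrap instead of yielding the wrong key.
			w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pk, key, []byte(community))
			if err != nil { return nil, nil, err }
			kc.Members = append(kc.Members, m.ID)
			kc.Wrapped[recipient] = w
		}
		classes[community], raw[community] = kc, key
	}
	return classes, raw, nil
}

// Unwrap recovers the community key for one recipient: an individual passes
// its own ID and private key, a clerk its ClerkID and the clerk's key.
func Unwrap(kc KeyClass, recipient string, priv *rsa.PrivateKey) ([]byte, error) {
	w, ok := kc.Wrapped[recipient]
	if !ok { return nil, errors.New("no member-specific version for " + recipient) }
	return rsa.DecryptOAEP(sha256.New(), nil, priv, w, []byte(kc.Community))
}

// Demo holds a constructed scenario: alice and bob are individuals, and the
// "finance" group is represented by its clerk.
type Demo struct {
	Classes map[string]KeyClass
	Raw     map[string][]byte
	Priv    map[string]*rsa.PrivateKey
}

func NewDemo() (*Demo, error) {
	priv, pub := map[string]*rsa.PrivateKey{}, map[string]*rsa.PublicKey{}
	for _, id := range []string{"alice", "bob", ClerkID("finance")} {
		k, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil { return nil, err }
		priv[id], pub[id] = k, &k.PublicKey
	}
	members := map[string][]Member{
		"hr":      {{ID: "alice"}, {ID: "finance", IsGroup: true}},
		"payroll": {{ID: "bob"}, {ID: "finance", IsGroup: true}},
	}
	classes, raw, err := BuildKeyClasses(members, pub, 128)
	if err != nil { return nil, err }
	return &Demo{Classes: classes, Raw: raw, Priv: priv}, nil
}

func main() {
	d, err := NewDemo()
	if err != nil { panic(err) }
	k, err := Unwrap(d.Classes["hr"], "alice", d.Priv["alice"])
	fmt.Printf("alice unwrapped the hr key: %x (err=%v)\n", k, err)
}
```

`go run` prints the key alice unwraps from the `hr` key class. Note what the structure discloses even to a holder with no private key at all: the key class lists every member identifier in the clear, so an output document reveals who may read each element. The OAEP label is an addition over the claims' wording; it makes a wrapped copy usable only in the key class it was created for, so mixed-up key distribution material fails closed rather than silently producing another community's key.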

Claim 17 (currently amended): The computer program product according to Claim 13, wherein:

said computer-readable program code means for decrypting, for an individual user or process that is a member of one or more of said determined groups, only those encrypted elements in said requested output document for which any of said one or more of said determined groups is one of said authorized community members, comprising:

computer-readable program code means for expanding said one or more determined groups to determine said individual users or processes that are group members in each of said expanded groups;

computer-readable program code means for identifying one or more of said expanded groups of which said individual user or process is one of said expanded group members;

computer-readable program code means for decrypting, by said clerk process for each of said identified groups, said member-specific version of said symmetric key, thereby creating a decrypted key for each of said identified groups; and

computer-readable program code means for decrypting selected ones of said encrypted elements in said requested output document using said decrypted keys, wherein said selected ones of said encrypted elements are those which were encrypted for one of said identified groups.

Claim 18 (currently amended): The computer program product according to Claim 17, wherein:

said computer-readable program code means for encrypting a separate version uses a public key of said clerk process as input when creating said member-specific version for said clerk process;

said computer-readable program code means for decrypting said member-specific version of said symmetric key further comprises:

computer-readable program code means for contacting said group clerk process, comprising:

computer-readable program code means for programmatically locating said clerk process; and

computer-readable program code means for establishing a session between a client device used by said individual user or process and said clerk process;

computer-readable program code means for digitally signing said member-specific version by said individual requesting user or process, thereby creating a first digital signature;

computer-readable program code means for sending said first digital signature and said member-specific version to said clerk process on said session;

computer-readable program code means for receiving said sent first digital signature and said member-specific version by said clerk process;

computer-readable program code means for verifying said first digital signature by said clerk process;

computer-readable program code means for verifying, by said clerk process, that said requesting individual user or process is one of said authorized members of said identified group associated with said member-specific version;

computer-readable program code means for decrypting said member-specific version using a private key of said clerk process, wherein said private key is associated with said public key of said clerk process;

computer-readable program code means for re-encrypting said decrypted member-specific version using a public key of said individual requesting user or process, thereby creating a re-encrypted key;

computer-readable program code means for digitally signing said re-encrypted key by said clerk process, thereby creating a second digital signature;

computer-readable program code means for returning said second digital signature and said re-encrypted key from said clerk process to said client device on said session;

computer-readable program code means for receiving said second digital signature and said re-encrypted key at said client device;

computer-readable program code means for verifying said second digital signature at said client device; and

computer-readable program code means, operable on said client device, for decrypting said received re-encrypted key using a private key of said individual user or process, creating said decrypted key; and

said computer-readable program code means for decrypting selected ones of said encrypted elements in said requested output document is executed at said client device using said decrypted key.
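
Claim 18 describes the exchange by which an individual who belongs to an authorized group obtains a decrypted key from the group's clerk process: the client signs the member-specific version that was wrapped for the clerk, the clerk verifies that signature and the requester's membership, unwraps the key with its private key, re-encrypts it for the requester's public key and signs the result, and the client verifies the second signature before decrypting with its own private key. The Go program below is an added example for this page, not code from the patent; Claim 24's variant differs only in that the encrypted element itself, rather than the key, is sent to the clerk and re-encrypted for the requester. RSA-PSS for the two signatures, RSA-OAEP for the wrapping, the length-prefixed `digest` encoding of the signed messages, and the alice/mallory/finance scenario are assumptions of the example; the session of Claims 18 and 20 is not modelled, so the clerk's public key is handed to the client directly.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// KeyRequest is sent on the session: the member-specific version wrapped for the clerk,
// plus the first digital signature by the requester over (Requester, Group, Wrapped).
type KeyRequest struct {
	Requester string
	Group     string
	Wrapped   []byte // RSA-OAEP(community key) under the clerk's public key
	Sig       []byte
}

// KeyResponse is the clerk's reply: the key re-encrypted for the requester, plus
// the second digital signature by the clerk over (Requester, Reencrypted).
type KeyResponse struct {
	Reencrypted []byte
	Sig         []byte
}

// digest hashes length-prefixed parts, so moving bytes between fields cannot yield the same message.
func digest(parts ...[]byte) []byte {
	h := sha256.New()
	for _, p := range parts {
		binary.Write(h, binary.BigEndian, uint32(len(p)))
		h.Write(p)
	}
	return h.Sum(nil)
}

// Clerk is the group clerk process: it knows the group's authorized members and holds
// the private key matching the public key the member-specific version was wrapped for.
type Clerk struct {
	Group   string
	Members map[string]*rsa.PublicKey
	Priv    *rsa.PrivateKey
}

// Handle is the clerk side of Claim 18. Membership is checked first because the member's
// public key is what verifies the first signature; every failure is a refusal.
func (c *Clerk) Handle(req KeyRequest) (KeyResponse, error) {
	pub, ok := c.Members[req.Requester]
	if req.Group != c.Group || !ok {
		return KeyResponse{}, fmt.Errorf("%s is not an authorized member of %s", req.Requester, c.Group)
	}
	if err := rsa.VerifyPSS(pub, crypto.SHA256, digest([]byte(req.Requester), []byte(req.Group), req.Wrapped), req.Sig, nil); err != nil {
		return KeyResponse{}, errors.New("first digital signature does not verify")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), nil, c.Priv, req.Wrapped, []byte(c.Group))
	if err != nil { return KeyResponse{}, err }
	re, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, []byte(req.Requester))
	if err != nil { return KeyResponse{}, err }
	sig, err := rsa.SignPSS(rand.Reader, c.Priv, crypto.SHA256, digest([]byte(req.Requester), re), nil)
	return KeyResponse{Reencrypted: re, Sig: sig}, err
}

// Client is the individual user or process on the client device.
type Client struct {
	ID   string
	Priv *rsa.PrivateKey
}

// Request signs the member-specific version located in the output document.
func (u *Client) Request(group string, wrapped []byte) (KeyRequest, error) {
	sig, err := rsa.SignPSS(rand.Reader, u.Priv, crypto.SHA256, digest([]byte(u.ID), []byte(group), wrapped), nil)
	return KeyRequest{Requester: u.ID, Group: group, Wrapped: wrapped, Sig: sig}, err
}

// Accept verifies the second signature, then decrypts the re-encrypted key with the client's private key.
func (u *Client) Accept(clerkPub *rsa.PublicKey, resp KeyResponse) ([]byte, error) {
	if err := rsa.VerifyPSS(clerkPub, crypto.SHA256, digest([]byte(u.ID), resp.Reencrypted), resp.Sig, nil); err != nil {
		return nil, errors.New("second digital signature does not verify")
	}
	return rsa.DecryptOAEP(sha256.New(), nil, u.Priv, resp.Reencrypted, []byte(u.ID))
}

// Exchange runs one round trip; the client is assumed to hold the clerk's public key already.
func Exchange(u *Client, c *Clerk, wrapped []byte) ([]byte, error) {
	req, err := u.Request(c.Group, wrapped)
	if err != nil { return nil, err }
	resp, err := c.Handle(req)
	if err != nil { return nil, err }
	return u.Accept(&c.Priv.PublicKey, resp)
}

// Setup builds a constructed scenario: the clerk of group "finance", alice (a member),
// mallory (not a member) and a community key wrapped for the clerk.
func Setup() (clerk *Clerk, alice, mallory *Client, key, wrapped []byte, err error) {
	var k [3]*rsa.PrivateKey
	for i := range k {
		if k[i], err = rsa.GenerateKey(rand.Reader, 2048); err != nil { return }
	}
	alice = &Client{ID: "alice", Priv: k[1]}
	mallory = &Client{ID: "mallory", Priv: k[2]}
	clerk = &Clerk{Group: "finance", Priv: k[0], Members: map[string]*rsa.PublicKey{"alice": &k[1].PublicKey}}
	key = []byte("0123456789abcdef") // constructed 128-bit community key
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, &k[0].PublicKey, key, []byte("finance"))
	return
}

func main() {
	clerk, alice, _, _, wrapped, err := Setup()
	if err != nil { panic(err) }
	key, err := Exchange(alice, clerk, wrapped)
	fmt.Printf("alice recovered key %x, err=%v\n", key, err)
}
```

`go run` prints the key alice recovers. The message encoding is what makes the two signatures meaningful: each covers the requester identity together with the wrapped key, so mallory cannot take her own signed request and relabel it as alice's, and the clerk refuses a requester absent from its membership list before performing any private-key operation. What the claims leave open is freshness: nothing in the request ties it to a particular session, so the mutually-authenticated secure session of Claim 20 is what keeps a third party from injecting requests, and a deployment would additionally bind the signed request to that session (for instance with a nonce or channel binding) rather than rely on the signature alone.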
Claim 19 (currently amended): The computer program product according to Claim 13, further comprising:

said computer-readable program code means for decrypting, for an individual user or process that is a member of one of said determined groups, only those encrypted elements in said output document for which any of said one or more of said determined groups is one of said authorized community members, comprising:

computer-readable program code means for expanding said one or more determined groups to determine said individual users or processes that are group members in each of said expanded groups;

computer-readable program code means for identifying one or more of said expanded groups of which said individual user or process is one of said expanded group members; and

computer-readable program code means for decrypting selected ones of said encrypted elements in said output document, wherein said selected ones of said encrypted elements are those which were encrypted for one of said identified groups.

Claim 20 (currently amended): The computer program product according to Claim 19, further comprising:

computer-readable program code means for contacting said group clerk process, comprising:

computer-readable program code means for programmatically locating said group clerk process; and

computer-readable program code means for establishing a mutually-authenticated secure session between a client device used by said individual user or process and said clerk process; and wherein:

said computer-readable program code means for encrypting a separate version uses a public key of said clerk process as input when creating said member-specific version for said clerk process; and

said computer-readable program code means for decrypting selected ones of said encrypted elements in said output document further comprises:

computer-readable program code means for locating said member-specific version of said symmetric key which was encrypted using said public key of said clerk process, wherein said clerk process is associated with one of said expanded groups of which said individual user or process is a group member;

computer-readable program code means for sending said located member-specific version to said group clerk process, along with an element encrypted with said member-specific version, on said secure session;

computer-readable program code means for receiving said sent member-specific version and said element by said clerk process;

computer-readable program code means for verifying, by said group clerk process, that said individual user or process is one of said authorized members of said identified group associated with said member-specific version;

computer-readable program code means for decrypting said member-specific version using a private key of said clerk process;

computer-readable program code means for decrypting said element using said decrypted member-specific version; and

computer-readable program code means for returning said decrypted element from said group clerk process to said client device on said secure session.


Claim 21 (currently amended): The computer program product according to Claim 16, wherein:

said computer-readable program code means for encrypting a separate version uses a public key of said clerk process as input when creating said member-specific version for said clerk process; and further comprising:

computer-readable program code means for contacting said group clerk process, comprising:

computer-readable program code means for programmatically locating said group clerk process; and

computer-readable program code means for establishing a mutually-authenticated secure session between a client device used by said individual user or process and said group clerk process;

said computer-readable program code means for decrypting, for an individual user or process that is a member of one of said determined groups, only those encrypted elements in said output document for which any of said one or more of said determined groups is one of said authorized community members, further comprising:

computer-readable program code means for expanding said one or more determined groups to determine said individual users or processes that are group members in each of said expanded groups;

computer-readable program code means for identifying one or more of said key classes which identify said individual user or process as one of said expanded group members;

computer-readable program code means for decrypting, for each of said determined key classes, said member-specific version of said symmetric key in said key class which was encrypted using said public key of said clerk process, wherein said computer-readable program code means for decrypting uses a private key of said clerk process which is associated with said public key, thereby creating a decrypted key; and

computer-readable program code means for decrypting selected ones of said encrypted elements in said output document using said decrypted keys, wherein said selected ones of said encrypted elements are those which were encrypted for said key class.
Claim 22 (currently amended): The computer program product according to Claim 17, further comprising:

computer-readable program code means for locating said clerk process; and

computer-readable program code means for establishing a mutually-authenticated secure session between said client device and said clerk process;

computer-readable program code means for sending said member-specific version to said group clerk process on said secure session;

computer-readable program code means for receiving said sent member-specific version by said group clerk process;

computer-readable program code means for verifying, by said clerk process, that said individual requesting user or process is one of said authorized members of said identified group associated with said member-specific version;

computer-readable program code means for decrypting said member-specific version using a private key of said clerk process;

computer-readable program code means for returning said decrypted member-specific version from said group clerk process to said client device on said secure session; and

computer-readable program code means for receiving said decrypted member-specific version at said client device; and

said computer-readable program code means for decrypting selected ones of said encrypted elements in said output document is executed at said client device using said received decrypted member-specific version.



Claim 23 (currently amended): The computer program product according to Claim 17, Claim 21, or Claim 22, further comprising computer-readable program code means for rendering a substitute text message for any of said encrypted elements in said output document which cannot be decrypted for said individual user or process.



Claim 24 (currently amended): The computer program product according to Claim 19, further comprising:

computer-readable program code means for contacting said group clerk process, comprising:

computer-readable program code means for programmatically locating said group clerk process; and

computer-readable program code means for establishing a session between a client device used by said individual user or process and said group clerk process; and wherein:

said computer-readable program code means for encrypting a separate version uses a public key of said clerk process as input when creating said member-specific version for said clerk process; and

said computer-readable program code means for decrypting selected ones of said encrypted elements in said output document further comprises:

computer-readable program code means for locating said member-specific version of said symmetric key which was encrypted using said public key of said clerk process, wherein said clerk process is associated with one of said expanded groups of which said individual user or process is a group member;

computer-readable program code means for digitally signing, by said individual requesting user or process, said located version and an element encrypted with said member-specific version, thereby creating a first digital signature;

computer-readable program code means for sending said first digital signature, said located member-specific version, and said element to said group clerk process on said session;

computer-readable program code means for receiving said sent first digital signature, said member-specific version, and said element by said group clerk process;

computer-readable program code means for verifying said first digital signature by said group clerk process;

computer-readable program code means for verifying, by said clerk process, that said individual requesting user or process is one of said authorized members of said identified group associated with said member-specific version;

computer-readable program code means for decrypting said member-specific version using a private key of said clerk process;

computer-readable program code means for decrypting said element using said decrypted member-specific version;

computer-readable program code means for re-encrypting said decrypted element using a public key of said individual user or process, thereby creating a re-encrypted element;

computer-readable program code means for digitally signing said re-encrypted element by said group clerk process, thereby creating a second digital signature;

computer-readable program code means for returning said second digital signature and said re-encrypted element from said group clerk process to said client device on said session;

computer-readable program code means for receiving said second digital signature and said re-encrypted element at said client device; and

computer-readable program code means for verifying said second digital signature by said individual user or process.

Claim 25 (original): The computer program product according to Claim 1, wherein said DTD is 
replaced by a schema. 

Claim 26 (currently amended): The computer program product according to Claim 1, wherein said encryption requirement further comprises specification of an encryption key length.



Claim 27 (original): The computer program product according to Claim 9, wherein said inserted 
encryption tags may surround either values of said elements or values and tags of said elements. 

Claim 28 (currently amended): A system for enforcing security policy using style sheet processing 
in a computing environment, comprising: 

means fo r obtaining an input document; 

one or more stored policy e n forcement objeota, wherein each of said stored policy 
enforcement objeota gpcoifios a acou i ily policy to bo associated with zero or mora olomont s of s a i d 



input document; 

means for obtaining a Document Type Definition (DTD) oorrogponding to that defines 
elements of said input document, wherei n; ( 1 1 an attribute o f at least one element defined in said 
DTD boa been augmented with one or more references to sel e ct e d on es ope of a plurality of said 
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stored policy enforcement objects; (? ) more than one of said, rpfrr^rrs may inference a sin^e 

_ tnTr|i ptTHry ^ Ahf«b and q > «t"«l nolicv enforcement objects specifies 

- -mat y pni^ for said refer e nt dement or elements, said visibility policy identifying an 
^^v ptini, reouirerr^t far »H elements havinp that vir ility P" n"Y ™d a coirnnunitY whose 
mft nihers are authorized to v «gw those elements: 

means for applying one or more style sheets to said input document, thereby adding markup notation to each element of said input document for which said element definition in said DTD references one of said stored policy enforcement objects specifying a visibility policy with a non-null encryption requirement, resulting in creation of an interim transient document that indicates elements of said input document which are to be encrypted; and

means for creating an output document in which each element of said interim transient document for which markup notation has been added is encrypted in a manner that enables a clerk process associated with a group that is a community member authorized to view that element to

key distribution material associated with the output document when decrypting the encrypted element.

an augmented style sheet processor, wherein said augmented processor further comprises:

means for loading said DTD;

means for resolving each of said one or more references in said loaded DTD;

means for instantiating said policy enforcement objects associated with said resolved references;

means for executing selected ones of said instantiated policy enforcement objects during application of one or more style sheets to said input document, wherein a result of said means for executing is an interim transient document;

means for generating one or more random encryption keys;

means for encrypting selected elements of said interim transient document, wherein a particular one of said generated random encryption keys may be used to encrypt one or more of said selected elements, while leaving zero or more other elements of said interim transient document unencrypted;

means for encrypting each of said one or more random encryption keys; and

means for creating an encrypted output document comprising said zero or more other unencrypted elements, said selected encrypted elements, and said encrypted encryption keys;

means for requesting, from a user or process on a client device, said encrypted output document, wherein said user or process is a member of a particular group authorized to view at least one of said selected encrypted elements;

means for receiving said requested output document at said client device; and

an augmented document processor executed on said client device, comprising:

means for contacting a clerk of said particular group for decryption of selected ones of said encrypted encryption keys; and

means for decrypting said requested output document using said decrypted selected ones of said encrypted encryption keys, thereby creating a result document.
Claim 29 (currently amended): The system according to Claim 28, further comprising means for rendering said output result document on said client a client device.

Claim 30 (currently amended): The system according to Claim 28, wherein said markup notation in said interim transient document comprises one or more encryption identifying
nr r r ting rnffryrtf rt " " f * nyarkn p language . 

Claim 3 1 (original): The system according to Claim 28, wherein said input document is specified 
in an Extensible Markup Language (XML) notation. 

Claim 32 (currently amended): The system according to Claim 31, wherein said output result document is specified in said XML notation.

Claim 33 (currently amended): The system according to Claim 28, wherein said stored policy enforcement objects further comprise means for overriding a method for evaluating said elements of said input document, and wherein said means for applying said one or more style sheets executing further comprises means for invoking executing said means for overriding, thereby causing said markup notation to be added.

Claim 34 (original): The system according to Claim 33, wherein said style sheets are specified in 
an Extensible Stylesheet Language (XSL) notation. 
Claim 35 (original): The system according to Claim 34, wherein said method is a value-of method of said XSL notation, and wherein said means for overriding said value-of method is by subclassing said value-of method.



Claim 36 (currently amended): The system according to Claim 33 or Claim 35, wherein:
said overridden overriding method comprises:

means for generating said markup notation as encryption tags; and
means for inserting said generated encryption tags into said interim transient document to surround elements of said interim transient document for which said visibility policy of said elements in said input document have said non-null is determined to require encryption requirement; and

said means for creating said output document further comprises means for encrypting selected elements encrypts those elements surrounded by said inserted encryption tags.

Claim 37 (canceled) 

Claim 38 (currently amended): The system according to Claim 37, wherein Claim 28, wherein said encryption requirement further comprises specification of an encryption algorithm to be used when encrypting elements having that visibility policy.
Claim 39 (currently amended): The system according to Claim 37, wherein Claim 28, wherein said encryption requirement further comprises specification of an encryption algorithm strength value to be used when encrypting elements having that visibility policy.

Claim 40 (currently amended): The system according to Claim 37, wherein Claim 28, wherein said means for creating said output document further comprises:

means for generating a distinct symmetric key for each unique one of said communities identified by said visibility policy in said stored policy objects for each of said elements of said input document; and

said means for encrypting each of said distinct symmetric keys to create member-specific versions thereof further comprising:

means for determining whether each of said members of said community for which said distinct symmetric key was generated is an individual or a group; and

means for encrypting a separate version of said distinct symmetric key for each determined individual and for a clerk process associated with each determined group, encryption keys further comprises means for encrypting a different version of each of said random encryption keys for each of said one or more members of each of zero or more of said communities which uses said encryption key, and wherein each of said different versions is encrypted using a public key of said community member for which said different version was encrypted.

Claim 41 (currently amended): The system according to Claim 37, wherein said encryption requirement may have a null value to indicate that said specified security policy does not require encryption Claim 40, wherein said means for encrypting a separate version of said distinct symmetric key creates one of said member-specific versions using, as input, a public key of one of said determined individuals or a public key of said clerk process.



Claim 42 (currently amended): The system according to Claim 28, wherein said encrypted elements of said output document are encrypted using uses a cipher block chaining mode encryption process.
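An added illustration in Go (not code from the application or its assignee) of the processing pipeline in Claims 28, 36 and 42: a lookup table stands in for the augmented DTD attribute references and the stored policy enforcement objects, a marking pass adds the markup notation only where the referenced visibility policy has a non-null encryption requirement, and the marked values are then encrypted under the community's symmetric key in cipher block chaining mode. The element names, policy names, communities, keys and the "AES-128-CBC" requirement string are constructed sample values, and the XSL processor and DTD parsing are replaced by the table.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
)

// VisibilityPolicy mirrors a stored policy enforcement object of the claims.
type VisibilityPolicy struct {
	Community   string // community whose members are authorized to view the element
	Requirement string // encryption requirement; "" is the null requirement (never encrypted)
}

// Element is one leaf element of a flat XML-like document; Enc is the markup notation (nil if unmarked).
type Element struct {
	Name, Text string
	Enc        *VisibilityPolicy
}

// Constructed sample data: dtdPolicyRef stands in for the augmented DTD attribute references
// (element definition -> policy object name); policies are the stored policy enforcement objects.
var dtdPolicyRef = map[string]string{"salary": "hrOnly", "ssn": "hrOnly", "diagnosis": "medical", "name": "public"}
var policies = map[string]*VisibilityPolicy{
	"hrOnly":  {Community: "hr", Requirement: "AES-128-CBC"},
	"medical": {Community: "clinicians", Requirement: "AES-128-CBC"},
	"public":  {Community: "everyone"},
}

// MarkInterim is the style-sheet pass: an element whose DTD definition references a policy with a
// non-null encryption requirement gets the markup notation; all other elements are left alone.
func MarkInterim(doc []*Element) {
	for _, e := range doc {
		if p := policies[dtdPolicyRef[e.Name]]; p != nil && p.Requirement != "" {
			e.Enc = p
		}
	}
}

// EncryptMarked builds the output document: each marked element's value is replaced by
// base64(iv || AES-CBC ciphertext) under its community's symmetric key; the rest is untouched.
func EncryptMarked(doc []*Element, keys map[string][]byte) error {
	for _, e := range doc {
		if e.Enc == nil {
			continue
		}
		key, ok := keys[e.Enc.Community]
		if !ok {
			return errors.New("no key for community " + e.Enc.Community)
		}
		ct, err := cbcEncrypt(key, []byte(e.Text))
		if err != nil {
			return err
		}
		e.Text = base64.StdEncoding.EncodeToString(ct)
	}
	return nil
}

// DecryptElement is the viewer side: it recovers one marked element's value with the community key.
func DecryptElement(e *Element, key []byte) (string, error) {
	ct, err := base64.StdEncoding.DecodeString(e.Text)
	if err != nil {
		return "", err
	}
	pt, err := cbcDecrypt(key, ct)
	return string(pt), err
}

// cbcEncrypt applies PKCS#7 padding and AES-CBC under a fresh random IV; returns iv || ct.
func cbcEncrypt(key, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	pad := aes.BlockSize - len(pt)%aes.BlockSize
	pt = append(append([]byte{}, pt...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, aes.BlockSize+len(pt))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], pt)
	return out, nil
}

// cbcDecrypt reverses cbcEncrypt and rejects malformed ciphertext or padding.
func cbcDecrypt(key, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(ct) < 2*aes.BlockSize || len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("bad key or malformed ciphertext")
	}
	pt := make([]byte, len(ct)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, ct[:aes.BlockSize]).CryptBlocks(pt, ct[aes.BlockSize:])
	pad := int(pt[len(pt)-1])
	if pad == 0 || pad > aes.BlockSize {
		return nil, errors.New("bad padding")
	}
	return pt[:len(pt)-pad], nil
}
```

Elements whose policy carries the null requirement (here "name") pass through the output document in the clear, exactly as the claims distinguish them from elements with a non-null requirement.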

Claim 43 (currently amended): The system according to Claim 40, further comprising:
means for creating a key class for each of said unique community communities, wherein said key class is associated with each of said encrypted elements of said output document for which members of this unique community are authorized viewer viewers, and wherein said key class comprises: (1) a symmetric an encryption algorithm identifier and key length used when encrypting requirement of said associated encrypted elements; (2) an identifier of each of said members of said unique community; and (3) one of said different member-specific versions of said encrypted symmetric encryption key for each of said identified community members; and

said means for generating said one or more random encryption keys generates a particular one of said random encryption keys for each of said key classes, and wherein each of said different versions in a particular key class is encrypted from said generated encryption key generated for said key class; and

said means for encrypting selected elements uses that one of said particular random encryption keys generated for said key class with which said selected element is



Claim 44 (currently amended): The system according to Claim 40, further comprising wherein:

said means for decrypting, for an individual user or process that is a member of one or more of said determined groups, only those encrypted elements in said requested output document for which any of said one or more of said determined groups is one of said authorized community members, further comprises comprising:

means for expanding said one or more determined groups of said communities to determine said individual users or processes that are group members in each of said expanded groups;

means for identifying determining one or more of said expanded groups communities of which said individual requesting user or process is one of said expanded group members;

means for decrypting, by said clerk process for each of said determined communities identified groups, said different member-specific version of said random encryption symmetric key which was encrypted using said public key of said one member, wherein said one member is said expanded group of which said requesting user or process is one of said expanded group members, thereby creating a decrypted key for each of said determined communities identified groups; and

means for decrypting selected ones of said encrypted elements in said requested output document using said decrypted keys, wherein said selected ones of said encrypted elements are those which were encrypted for one of said determined communities identified groups; and

said means for rendering further comprises:

means for rendering said decrypted selected ones and said other unencrypted elements.

Claim 45 (currently amended): The system according to Claim 44, wherein:

said means for encrypting a separate version uses a public key of said clerk process as input when creating said member-specific version for said clerk process;

said means for decrypting said member-specific version of said symmetric key further comprises:

said means for contacting said group clerk process, further comprises comprising:

means for programmatically locating said group clerk process; and

means for establishing a session between said client a client device used by said individual user or process and said group clerk process;

said means for decrypting said different version for each of said determined communities further comprises:

means for digitally signing said different member-specific version by said individual requesting user or process, thereby creating a first digital signature;

means for sending said first digital signature and said different member-specific version to said group clerk process on said session;

means for receiving said sent first digital signature and said different member-specific version by said group clerk process;

means for verifying said first digital signature by said group clerk process;

means for verifying, by said clerk process, that said requesting individual user or process is one of said authorized members of said determined community identified group associated with said different member-specific version;

means for decrypting said different member-specific version using a private key of said one member which clerk process, wherein said private key is associated with said public key which was used for encryption of said clerk process;

means for re-encrypting said decrypted different member-specific version using a public key of said individual requesting user or process, thereby creating a re-encrypted key;

means for digitally signing said re-encrypted key by said group clerk process, thereby creating a second digital signature;

means for returning said second digital signature and said re-encrypted key from said group clerk process to said client device on said session;

means for receiving said second digital signature and said re-encrypted key at said client device;

means for verifying said second digital signature at said client device; and

means, operable on said client device, for decrypting said received re-encrypted key using a private key of said individual requesting user or process, creating said decrypted key; and

said means for decrypting selected ones of said encrypted elements in said requested output document is executed at said client device using said decrypted key.
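The key-class construction of Claims 40 and 43 and the clerk exchange of Claim 45, as an added Go example that is not part of the application: a distinct symmetric key per community is wrapped with RSA-OAEP under each individual member's public key and, for a group member, under the group clerk's public key; the clerk then verifies the requester's first signature and group membership, unwraps with its private key, re-encrypts to the requester's public key and signs that (the second signature), and the client verifies and unwraps. The session transport and the document elements are left out; the identity names, the group-to-clerk mapping and the "AES-128-CBC" algorithm string are constructed sample values.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

var Entropy = rand.Reader // randomness source, exported so callers can generate the sample identities

// KeyClass mirrors claim 43: algorithm used and one member-specific wrapped key per member (map keys).
type KeyClass struct {
	Community, Algorithm string
	Wrapped              map[string][]byte // member -> RSA-OAEP(symmetric key) under its key holder
}

// BuildKeyClass generates the community's distinct symmetric key and wraps it once per individual
// and, for a group member, once under the group's clerk public key (claim 40). clerkOf maps groups to clerks.
func BuildKeyClass(community string, members []string, clerkOf map[string]string, pubs map[string]*rsa.PublicKey) (*KeyClass, []byte, error) {
	sym := make([]byte, 16)
	if _, err := rand.Read(sym); err != nil {
		return nil, nil, err
	}
	kc := &KeyClass{Community: community, Algorithm: "AES-128-CBC", Wrapped: map[string][]byte{}}
	for _, m := range members {
		holder, isGroup := clerkOf[m] // a group's copy is wrapped for its clerk process,
		if !isGroup {
			holder = m // an individual's copy under that individual's own public key
		}
		pub, ok := pubs[holder]
		if !ok {
			return nil, nil, errors.New("no public key for " + holder)
		}
		ct, err := rsa.EncryptOAEP(sha256.New(), Entropy, pub, sym, nil)
		if err != nil {
			return nil, nil, err
		}
		kc.Wrapped[m] = ct
	}
	return kc, sym, nil
}

// Clerk is a group clerk process: its private key and the expanded group memberships.
type Clerk struct {
	Priv   *rsa.PrivateKey
	Groups map[string]map[string]bool // group -> set of individual members
}

// Request is the client's message (claim 45): group, requester, wrapped key, first signature.
type Request struct {
	Group, Requester string
	Wrapped, Sig     []byte
}

func sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPSS(Entropy, priv, crypto.SHA256, h[:], nil)
}
func verify(pub *rsa.PublicKey, msg, sig []byte) error {
	h := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil)
}

// ClientRequest signs the member-specific version held for a group with the requester's private key.
func ClientRequest(kc *KeyClass, group, requester string, priv *rsa.PrivateKey) (*Request, error) {
	wrapped := kc.Wrapped[group] // nil when no version exists; the clerk then fails to unwrap
	sig, err := sign(priv, wrapped)
	return &Request{Group: group, Requester: requester, Wrapped: wrapped, Sig: sig}, err
}

// Serve is the clerk side: verify the first signature, check that the requester is an authorized member
// of the group, unwrap, re-encrypt to the requester and sign that. The plaintext key itself is never sent.
func (c *Clerk) Serve(req *Request, pubs map[string]*rsa.PublicKey) (rekey, sig []byte, err error) {
	reqPub, ok := pubs[req.Requester]
	if !ok || verify(reqPub, req.Wrapped, req.Sig) != nil {
		return nil, nil, errors.New("first signature invalid")
	}
	if !c.Groups[req.Group][req.Requester] {
		return nil, nil, errors.New(req.Requester + " is not a member of " + req.Group)
	}
	sym, err := rsa.DecryptOAEP(sha256.New(), Entropy, c.Priv, req.Wrapped, nil)
	if err != nil {
		return nil, nil, err
	}
	if rekey, err = rsa.EncryptOAEP(sha256.New(), Entropy, reqPub, sym, nil); err != nil {
		return nil, nil, err
	}
	sig, err = sign(c.Priv, rekey)
	return rekey, sig, err
}

// ClientFinish verifies the second signature and recovers the key with the requester's private key.
func ClientFinish(rekey, sig []byte, clerkPub *rsa.PublicKey, priv *rsa.PrivateKey) ([]byte, error) {
	if err := verify(clerkPub, rekey, sig); err != nil {
		return nil, errors.New("second signature invalid")
	}
	return rsa.DecryptOAEP(sha256.New(), Entropy, priv, rekey, nil)
}
```

The membership check in Serve is the clerk-side authorization step of Claim 45; an individual member never contacts the clerk and unwraps its own version directly.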

Claim 46 (currently amended): The system according to Claim 40, wherein further comprising:

said means for decrypting, for an individual user or process that is a member of one of said determined groups, only those encrypted elements in said requested output document for which any of said one or more of said determined groups is one of said authorized community members, further comprises comprising:

means for expanding said one or more determined groups of said communities to determine said individual users or processes that are group members in each of said expanded groups;

means for identifying determining one or more of said expanded groups communities of which said individual requesting user or process is one of said expanded group members; and

means for decrypting selected ones of said encrypted elements in said requested output document, wherein said selected ones of said encrypted elements are those which were encrypted for one of said identified groups determined communities; and

said means for rendering further comprises:

means for rendering said returned decrypted elements and said other unencrypted

Claim 47 (currently amended): The system according to Claim 46, further comprising wherein:

said means for contacting said group clerk process, further comprises comprising:

means for programmatically locating said group clerk process; and

means for establishing a mutually-authenticated secure session between said client a client device used by said individual user or process and said group clerk process; and wherein:

said means for encrypting a separate version uses a public key of said clerk process as input when creating said member-specific version for said clerk process; and

said means for decrypting selected ones of said encrypted elements in said requested output document further comprises:

means for locating said member-specific different version of said random encryption symmetric key which was encrypted using said public key of said one member clerk process, wherein said clerk process one member is associated with a said expanded group of which said individual requesting user or process is a group member; one of said expanded group members;

means for sending said located member-specific different version to said group clerk process, along with an element encrypted with said member-specific different version, on said secure session;

means for receiving said sent member-specific different version and said element by said group clerk process;

means for verifying, by said group clerk process, that said requesting individual user or process is one of said authorized members of said determined community identified group associated with said member-specific different version;

means for decrypting said member-specific different version using a private key of said clerk process one member which is associated with said public key which was used for encryption;

means for decrypting said element using said decrypted member-specific different version; and

means for returning said decrypted element from said group clerk process to said client device on said secure session.

Claim 48 (currently amended): The system according to Claim 43, wherein: said means for encrypting a separate version uses a public key of said clerk process as input when creating said member-specific version for said clerk process; and further comprising:

said means for contacting said group clerk process, further comprises comprising:

means for programmatically locating said group clerk process; and

means for establishing a mutually-authenticated secure session between said client a client device used by said individual user or process and said group clerk process;

said means for decrypting, for an individual user or process that is a member of one of said determined groups, only those encrypted elements in said requested output document for which any of said one or more of said determined groups is one of said authorized community members, further comprising further comprising:

means for expanding said one or more determined groups of said communities to determine said individual users or processes that are group members in each of said expanded groups;

means for identifying determining one or more of said key classes which identify said requesting individual user or process as one of said expanded group members;

means for decrypting, for each of said determined key classes, said member-specific different version of said symmetric random encryption key in said key class which was encrypted using said public key of said clerk process one member, wherein said means for decrypting uses a private key of said clerk process one member which is associated with said public key which was used for encryption, thereby creating a decrypted key; and

means for decrypting selected ones of said encrypted elements in said requested output document using said decrypted keys, wherein said selected ones of said encrypted elements are those which were encrypted for said key class; and

said means for rendering further comprises:

means for rendering said decrypted selected ones and said other unencrypted elements.

Claim 49 (currently amended): The system according to Claim 44, wherein:

said means for decrypting said member-specific version further comprises:

said means for contacting said group clerk further comprises

means for locating said group clerk process; and

means for establishing a mutually-authenticated secure session between said client device and said group clerk process;

said means for decrypting said different version for each of said determined communities further comprises:

means for sending said member-specific different version to said group clerk process on said secure session;

means for receiving said sent member-specific different version by said group clerk process;

means for verifying, by said group clerk process, that said individual requesting user or process is one of said authorized members of said determined community identified group associated with said member-specific different version;

means for decrypting said member-specific different version using a private key of said clerk process one member which is associated with said public key which was used for encryption;

means for returning said decrypted member-specific different version from said group clerk process to said client device on said secure session; and

means for receiving said decrypted member-specific different version at said client device; and

said means for decrypting selected ones of said encrypted elements in said requested output document is executed at said client device using said received decrypted member-specific different version.

Claim 50 (currently amended): The system according to Claim 44, Claim 48, or Claim 49, wherein said means for rendering further comprises further comprising means for substituting a predetermined rendering a substitute text message for any of said selected encrypted elements in said requested output document which cannot be decrypted by said means for decrypting said requested output document for said individual user or process.

Claim 51 (currently amended): The system according to Claim 46, wherein further comprising:

said means for contacting said group clerk process, further comprises comprising:

means for programmatically locating said group clerk process; and

means for establishing a session between said client a client device used by said individual user or process and said group clerk process; and wherein:

said means for encrypting a separate version uses a public key of said clerk process as input when creating said member-specific version for said clerk process; and

said means for decrypting selected ones of said encrypted elements in said requested output document further comprises:

means for locating said member-specific different version of said random encryption symmetric key which was encrypted using said public key of said one member clerk process, wherein said one member clerk process is associated with a said expanded group of which said individual requesting user or process is a group member; one of said expanded group members;

means for digitally signing, by said individual requesting user or process, said located version and an element encrypted with said member-specific different version, thereby creating a first digital signature;

means for sending said first digital signature, said located member-specific different version, and said element to said group clerk process on said session;

means for receiving said sent first digital signature, said member-specific different version, and said element by said group clerk process;

means for verifying said first digital signature by said group clerk process;

means for verifying, by said group clerk process, that said individual requesting user or process is one of said authorized members of said determined community identified group associated with said member-specific different version;

means for decrypting said member-specific different version using a private key of said clerk process one member which is associated with said public key which was used for encryption;

means for decrypting said element using said decrypted member-specific different version;

means for re-encrypting said decrypted element using a public key of said individual requesting user or process, thereby creating a re-encrypted element;

means for digitally signing said re-encrypted element by said group clerk process, thereby creating a second digital signature;

means for returning said second digital signature and said re-encrypted element from said group clerk process to said client device on said session;

means for receiving said second digital signature and said re-encrypted element at said client device; and

means for verifying said second digital signature by said individual user or process.



Claim 52 (original): The system according to Claim 28, wherein said DTD is replaced by a schema.



Claim 53 (currently amended): The system according to Claim 37, wherein Claim 28, wherein said encryption requirement further comprises specification of an encryption key length.

Claim 54 (original): The system according to Claim 36, wherein said inserted encryption tags may 
surround either values of said elements or values and tags of said elements. 

Claim 55 (currently amended): A method for enforcing security policy using style sheet 
processing, comprising the steps of: 
providing an input document; 

providing one or more stored policy enforcement objects, wherein each of said stored policy enforcement objects specifies a security policy to be associated with zero or more elements of said input document;

providing a Document Type Definition (DTD) corresponding to that defines elements of said input document, wherein: (1) an attribute of at least one element defined in said DTD has been augmented with one or more references to selected ones one of a plurality of said stored policy enforcement objects; (2) more than one of said references may reference a single stored policy enforcement object; and (3) each of said stored policy enforcement objects specifies a visibility policy for said referencing element or elements, said visibility policy identifying an encryption requirement for all elements having that visibility policy and a community whose members are authorized to view those elements;

applying one or more style sheets to said input document, thereby adding markup notation to each element of said input document for which said element definition in said DTD references one of said stored policy enforcement objects specifying a visibility policy with a non-null encryption requirement, resulting in creation of an interim transient document that indicates elements of said input document which are to be encrypted; and

creating an output document in which each element of said interim transient document for which markup notation has been added is encrypted in a manner that enables a clerk process associated with a group that is a community member authorized to view that element to

key distribution material associated with the output document when decrypting the encrypted element.

an augmented style sheet processor, wherein said augmented processor further comprises the steps of:

loading said DTD;

resolving each of said one or more references in said loaded DTD;

instantiating said policy enforcement objects associated with said resolved references;

executing selected ones of said instantiated policy enforcement objects during application of one or more style sheets to said input document, wherein a result of said executing is an interim transient document;

generating one or more random encryption keys;

encrypting selected elements of said interim transient document, wherein a particular one of said generated random encryption keys may be used to encrypt one or more of said selected elements, while leaving zero or more other elements of said interim transient document unencrypted;

encrypting each of said one or more random encryption keys; and

creating an encrypted output document comprising said zero or more other unencrypted elements, said selected encrypted elements, and said encrypted encryption keys;

requesting, from a user or process on a client device, said encrypted output document, wherein said user or process is a member of a particular group authorized to view at least one of said selected encrypted elements;

receiving said requested output document at said client device; and

executing an augmented document processor on said client device, comprising the steps of:

contacting a clerk of said particular group for decryption of selected ones of said encrypted encryption keys; and

decrypting said requested output document using said decrypted selected ones of said encrypted encryption keys, thereby creating a result document.

Claim 56 (currently amended): The method according to Claim 55, further comprising the step of rendering said output result document on said client a client device.
Claim 57 (currently amended): The method according to Claim 55, wherein said markup notation in said interim transient document comprises
npodinfl cno i j pUuu of a markup

Claim 58 (original): The method according to Claim 55, wherein said input document is specified in an Extensible Markup Language (XML) notation.

Claim 59 (currently amended): The method according to Claim 58, wherein said output result document is specified in said XML notation.

Claim 60 (currently amended): The method according to Claim 55, wherein said stored policy enforcement objects further comprise a method for overriding a method for evaluating said elements of said input document, and wherein said step of applying said one or more style sheets executing further comprises invoking executing said overriding method, thereby causing said markup notation to be added.

Claim 61 (original): The method according to Claim 60, wherein said style sheets are specified in an Extensible Stylesheet Language (XSL) notation.

Claim 62 (original): The method according to Claim 61, wherein said method is a value-of method of said XSL notation, and wherein said step of overriding said value-of method is by subclassing said value-of method.
Claim 63 (currently amended): The method according to Claim 60 or Claim 62, wherein:

said step of overriding further comprises the steps of:

generating said markup notation as encryption tags; and

inserting said generated encryption tags into said interim transient document to surround elements of said interim transient document for which said visibility policy of said elements in said input document have said non-null is determined to require encryption requirement; and

said step of creating said output document further comprises encrypting selected elements encrypts those elements surrounded by said inserted encryption tags.

Claim 64 (canceled) 

Claim 65 (currently amended): The method according to Claim 64, wherein Claim 55, wherein said encryption requirement further comprises specification of an encryption algorithm to be used when encrypting elements having that visibility policy.

Claim 66 (currently amended): The method according to Claim 64, wherein Claim 55, wherein said encryption requirement further comprises specification of an encryption algorithm strength value to be used when encrypting elements having that visibility policy.
Claim 67 (currently amended): The method according to Claim 64, wherein Claim 55, wherein said step of creating said output document further comprises:

generating a distinct symmetric key for each unique one of said communities identified by said visibility policy in said stored policy objects for each of said elements of said input document; and

said step of encrypting each of said distinct symmetric keys to create member-specific versions thereof further comprising:

determining whether each of said members of said community for which said distinct symmetric key was generated is an individual or a group; and

encrypting a separate version of said distinct symmetric key for each determined individual and for a clerk process associated with each determined group, encryption keys further comprises encrypting a different version of each of said random encryption keys for each of said one or more members of each of zero or more of said communities which uses said encryption key, and wherein each of said different versions is encrypted using a public key of said community member for which said different version was encrypted.

Claim 68 (currently amended): The method according to Claim 64, wherein said encryption requirement may have a null value to indicate that said specified security policy does not require encryption Claim 67, wherein said step of encrypting a separate version of said distinct symmetric key creates one of said member-specific versions using, as input, a public key of one of said determined individuals or a public key of said clerk process.

Claim 69 (currently amended): The method according to Claim 55, wherein said encrypted elements of said output document are encrypted using uses a cipher block chaining mode encryption process.

Claim 70 (currently amended): The method according to Claim 67, further comprising the step of:

creating a key class for each of said unique community communities, wherein said key class is associated with each of said encrypted elements of said output document for which members of this unique community are authorized viewer viewers, and wherein said key class comprises: (1) a symmetric an encryption algorithm identifier and key length used when encrypting requirement of said associated encrypted elements; (2) an identifier of each of said members of said unique community; and (3) one of said different member-specific versions of said encrypted symmetric encryption key for each of said identified community members; and

said step of generating said one or more random encryption keys generates a particular one of said random encryption keys for each of said key classes, and wherein each of said different versions in a particular key class is encrypted from said generated encryption key generated for said key class; and

said step of encrypting selected elements uses that one of said particular random encryption keys generated for said key class with which said selected element is
Claim 71 (currently amended): The method according to Claim 67, further comprising wherein:

said step of decrypting, for an individual user or process that is a member of one or more of said determined groups, only those encrypted elements in said requested output document for which any of said one or more of said determined groups is one of said authorized community members, further comprises comprising:

expanding said one or more determined groups of said communities to determine said individual users or processes that are group members in each of said expanded groups;

identifying determining one or more of said expanded groups communities of which said individual requesting user or process is one of said expanded group members;

decrypting, by said clerk process for each of said determined communities identified groups, said different member-specific version of said random encryption symmetric key which was encrypted using said public key of said one member, wherein said one member is said expanded group of which said requesting user or process is one of said expanded group members, thereby creating a decrypted key for each of said determined communities identified groups; and

decrypting selected ones of said encrypted elements in said requested output document using said decrypted keys, wherein said selected ones of said encrypted elements are those which were encrypted for one of said determined communities identified groups; and

said step of rendering further comprises:

rendering said decrypted selected ones and said other unencrypted elements.

Claim 72 (currently amended): The method according to Claim 71, wherein:

said step of encrypting a separate version uses a public key of said clerk process as input when creating said member-specific version for said clerk process;

said step of decrypting said member-specific version of said symmetric key further comprises the steps of:

said step of contacting said group clerk process, further comprises comprising the steps of:

programmatically locating said group clerk process; and

establishing a session between said client a client device used by said individual user or process and said group clerk process;

said step of decrypting said different version for each of said determined communities further comprises the steps of:

digitally signing said different member-specific version by said individual requesting user or process, thereby creating a first digital signature;

sending said first digital signature and said different member-specific version to said group clerk process on said session;

receiving said sent first digital signature and said different member-specific version by said group clerk process;

verifying said first digital signature by said group clerk process;

verifying, by said group clerk process, that said requesting individual user or process is one of said authorized members of said determined community identified group associated with said different member-specific version;

decrypting said different member-specific version using a private key of said one member which clerk process, thereby said private key is associated with said public key which was used for encryption of said clerk process;

re-encrypting said decrypted different member-specific version using a public key of said individual requesting user or process, thereby creating a re-encrypted key;

digitally signing said re-encrypted key by said group clerk process, thereby creating a second digital signature;

returning said second digital signature and said re-encrypted key from said group clerk process to said client device on said session;

receiving said second digital signature and said re-encrypted key at said client device;

verifying said second digital signature at said client device; and

decrypting, at said client device, said received re-encrypted key using a private key of said individual requesting user or process, creating said decrypted key; and

said step of decrypting selected ones of said encrypted elements in said requested output document is executed at said client device using said decrypted key.

Claim 73 (currently amended): The method according to Claim 67, further comprising the 
steps of: 

said step of decrypting, for an individual user or process that is a member of one of said 
determined groups, only those encrypted elements in said requested output document for which 
any of said one or more of said determined groups is one of said authorized community members, 
comprising the steps of: 

expanding said determined groups to determine said individual users or processes that 
are group members in each of said expanded groups; 

identifying one or more of said expanded groups of which said individual user or 
process is one of said group members; and 

decrypting selected ones of said encrypted elements in said requested output 
document, wherein said selected ones of said encrypted elements are those which were encrypted 
for one of said identified groups; and 

said step of rendering further comprises the step of: 

rendering said decrypted elements and said other unencrypted elements. 

Claim 74 (currently amended): The method according to Claim 73, further comprising the 
steps of: 

programmatically locating said clerk process; and 

establishing a mutually authenticated secure session between a client device used by 
said individual user or process and said clerk process; and wherein: 

said step of encrypting a separate version uses a public key of said clerk process as input 
when creating said member-specific version for said clerk process; and 

said step of decrypting selected ones of said encrypted elements in said requested output 
document further comprises the steps of: 

locating said member-specific version of said symmetric key which was encrypted using 
said public key of said clerk process, wherein said clerk process is associated with a group of 
which said individual user or process is a group member; 

sending said located member-specific version to said clerk process, along with an 
element encrypted with said member-specific version, on said secure session; 

receiving said sent member-specific version and said element by said clerk process; 

verifying, by said clerk process, that said individual user or process is one of said 
authorized members of said identified group associated with said member-specific version; 

decrypting said member-specific version using a private key of said clerk process; 

decrypting said element using said decrypted member-specific version; and 

returning said decrypted element from said clerk process to said client device on said 
secure session. 

Claim 75 (currently amended): The method according to Claim 70, wherein: 

said step of encrypting a separate version uses a public key of said clerk process as input 
when creating said member-specific version for said clerk process; and further comprising the 
steps of: 

programmatically locating said clerk process; and 

establishing a mutually-authenticated secure session between a client device used by 
said individual user or process and said clerk process; 

said step of decrypting, for an individual user or process that is a member of one of said 
determined groups, only those encrypted elements in said requested output document for which 
any of said one or more of said determined groups is one of said authorized community members, 
further comprises the steps of: 

expanding said determined groups to determine said individual users or processes that 
are group members in each of said expanded groups; 

identifying one or more of said key classes which identify said individual user or 
process as one of said group members; 

decrypting, for each of said determined key classes, said member-specific version of 
said symmetric key in said key class which was encrypted using said public key of said clerk 
process, wherein said step of decrypting uses a private key of said clerk process, thereby 
creating a decrypted key; and 

decrypting selected ones of said encrypted elements in said requested output 
document using said decrypted keys, wherein said selected ones of said encrypted elements are 
those which were encrypted for said key class; and 

said step of rendering further comprises the step of: 

rendering said decrypted elements and said other unencrypted elements. 

Claim 76 (currently amended): The method according to Claim 71, wherein: 

said step of decrypting said member-specific version further comprises the steps of: 

locating said clerk process; 

establishing a mutually-authenticated secure session between said client device and said 
clerk process; 

sending said member-specific version to said clerk process on said secure session; 

receiving said sent member-specific version by said clerk process; 

verifying, by said clerk process, that said individual user or process is one of said 
authorized members of said identified group associated with said member-specific version; 

decrypting said member-specific version using a private key of said clerk process; 

returning said decrypted member-specific version from said clerk process to said client 
device on said secure session; and 

receiving said decrypted member-specific version at said client device; and 

said step of decrypting selected ones of said encrypted elements in said requested output 
document is executed at said client device using said received decrypted member-specific 
version. 

Claim 77 (currently amended): The method according to Claim 71, Claim 75, or Claim 76, 
further comprising the step of rendering a substitute text message for any of said encrypted 
elements in said output document which cannot be decrypted for said individual user or process. 

Claim 78 (currently amended): The method according to Claim 73, further comprising the 
steps of: 

programmatically locating said clerk process; and 

establishing a session between a client device used by said individual user or process 
and said clerk process; and wherein: 

said step of encrypting a separate version uses a public key of said clerk process as input 
when creating said member-specific version for said clerk process; and 

said step of decrypting selected ones of said encrypted elements in said requested output 
document further comprises the steps of: 

locating said member-specific version of said symmetric key which was encrypted using 
said public key of said clerk process, wherein said clerk process is associated with a group of 
which said individual user or process is a group member; 

digitally signing, by said individual user or process, said located version and an 
element encrypted with said member-specific version, thereby creating a first digital signature; 

sending said first digital signature, said located member-specific version, and said 
element to said clerk process on said session; 

receiving said sent first digital signature, said member-specific version, and said 
element by said clerk process; 

verifying said first digital signature by said clerk process; 

verifying, by said clerk process, that said individual user or process is one of said 
authorized members of said identified group associated with said member-specific version; 

decrypting said member-specific version using a private key of said clerk process; 

decrypting said element using said decrypted member-specific version; 

re-encrypting said decrypted element using a public key of said individual user or 
process, thereby creating a re-encrypted element; 

digitally signing said re-encrypted element by said clerk process, thereby creating a 
second digital signature; 

returning said second digital signature and said re-encrypted element from said clerk 
process to said client device on said session; 

receiving said second digital signature and said re-encrypted element at said client 
device; and 

verifying said second digital signature by said individual user or process. 
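The clerk-mediated decryption that Claims 72 and 78 recite, as an added worked example that is not part of the patent text and not the applicant's code: a document element is sealed under a fresh symmetric key, that key is wrapped to the clerk's public key, and a member who needs the element signs the wrapped key, sends it to the clerk, and gets it back re-wrapped to the member's own public key and signed by the clerk (Claim 72; in Claim 78 the clerk unwraps and re-encrypts the element itself, the exchange is otherwise the same). The claims name no algorithms, so RSA-OAEP, RSA-PSS and AES-256-GCM from Go's standard library are assumed here; the roster map, the one-element "document", the user names and the uniform refusal message are constructed for the example. 

```go
package main

// Added example, not text or code from the patent: the clerk-mediated key recovery of
// Claims 72 and 78 on Go's standard crypto. Names, roster and sample element are assumed.
import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Clerk holds the group's key pair plus an assumed roster (user name -> public key).
type Clerk struct {
	key     *rsa.PrivateKey
	members map[string]*rsa.PublicKey
}
// EncryptedElement: one element under a fresh AES-256-GCM key; WrappedKey is that key
// encrypted to the clerk's public key (the clerk's "member-specific version").
type EncryptedElement struct {
	Nonce, Ciphertext, WrappedKey []byte
}

// must panics on setup failures that cannot happen with valid inputs (RNG, key sizes).
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func newGCM(key []byte) cipher.AEAD {
	return must(cipher.NewGCM(must(aes.NewCipher(key))))
}
func sign(priv *rsa.PrivateKey, msg []byte) []byte {
	h := sha256.Sum256(msg)
	return must(rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil))
}
func verify(pub *rsa.PublicKey, msg, sig []byte) error {
	h := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil)
}

// EncryptElement seals plaintext and wraps the element key to the clerk's public key.
func EncryptElement(clerkPub *rsa.PublicKey, plaintext []byte) *EncryptedElement {
	key, nonce := make([]byte, 32), make([]byte, 12)
	must(rand.Read(key))
	must(rand.Read(nonce))
	wrapped := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, clerkPub, key, nil))
	return &EncryptedElement{nonce, newGCM(key).Seal(nil, nonce, plaintext, nil), wrapped}
}

// Serve is the clerk side: membership check and first-signature check (one uniform refusal, so
// the clerk does not reveal who is enrolled), unwrap, re-wrap to the requester, sign the result.
func (c *Clerk) Serve(user string, wrapped, sig []byte) (reKey, clerkSig []byte, err error) {
	pub, ok := c.members[user]
	if !ok || verify(pub, wrapped, sig) != nil {
		return nil, nil, errors.New("clerk: request refused")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, c.key, wrapped, nil)
	if err != nil {
		return nil, nil, err
	}
	if reKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil); err != nil {
		return nil, nil, err
	}
	return reKey, sign(c.key, reKey), nil
}

// RecoverElement is the client side: sign, ask the clerk, verify its signature, unwrap, decrypt.
func RecoverElement(c *Clerk, user string, userKey *rsa.PrivateKey, e *EncryptedElement) ([]byte, error) {
	reKey, clerkSig, err := c.Serve(user, e.WrappedKey, sign(userKey, e.WrappedKey))
	if err != nil {
		return nil, err
	}
	if verify(&c.key.PublicKey, reKey, clerkSig) != nil {
		return nil, errors.New("client: clerk signature does not verify")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, userKey, reKey, nil)
	if err != nil {
		return nil, err
	}
	return newGCM(key).Open(nil, e.Nonce, e.Ciphertext, nil)
}

// Demo: "alice" is enrolled; returns what she recovers, the refusal for an unenrolled
// "mallory", and the refusal for a request naming alice but signed with another key.
func Demo() (recovered string, notMember, forged error) {
	clerkKey := must(rsa.GenerateKey(rand.Reader, 2048))
	alice := must(rsa.GenerateKey(rand.Reader, 2048))
	clerk := &Clerk{key: clerkKey, members: map[string]*rsa.PublicKey{"alice": &alice.PublicKey}}
	elem := EncryptElement(&clerkKey.PublicKey, []byte("<salary>112000</salary>")) // constructed sample
	pt := must(RecoverElement(clerk, "alice", alice, elem))
	_, notMember = RecoverElement(clerk, "mallory", alice, elem)
	_, forged = RecoverElement(clerk, "alice", clerkKey, elem)
	return string(pt), notMember, forged
}

func main() { fmt.Println(Demo()) }
```

Demo() returns the recovered element text and the two refusals. Two points the claims leave implicit: the clerk is the one party able to unwrap every element its group can read, so its private key and roster need the strongest protection in the deployment; and the two signatures bind the request to the member's key and the reply to the clerk's key but do not tie either to a particular exchange, so a transport such as the mutually authenticated secure session that Claims 74 to 76 recite is still needed against replay of a captured request. 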




Claim 79 (original): The method according to Claim 55, wherein said DTD is replaced by a 
schema. 



Claim 80 (currently amended): The method according to Claim 55, wherein 
said encryption requirement further comprises specification of an encryption key length. 

Claim 81 (original): The method according to Claim 63, wherein said inserted encryption tags 
may surround either values of said elements or values and tags of said elements. 